plot-from-data
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's core workflow in SKILL.md requires the agent to modify Python templates in the scripts/ directory by injecting user-supplied data into designated areas and then executing the resulting scripts using python3. This dynamic generation and execution of code is a significant security concern.
- [COMMAND_EXECUTION]: Multiple scripts (e.g., scripts/bar_memevolve.py, scripts/radar_dora.py, scripts/scatter_tsne.py) contain hardcoded absolute file paths starting with /Users/bytedance/ for saving output files. Executing these scripts as-is might fail on different systems or lead to unexpected file writes.
- [DATA_EXFILTRATION]: The hardcoded absolute paths present in all scripts disclose sensitive information about the developer's local file system structure and username (bytedance).
- [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection as it processes untrusted user data for script generation.
  - Ingestion points: User-provided data (numbers, arrays, CSV) defined in SKILL.md.
  - Boundary markers: None identified in the workflow to separate data from the executable script logic.
  - Capability inventory: Execution of Python scripts via python3 and file system writes via matplotlib.pyplot.savefig.
  - Sanitization: No validation or sanitization of user data is performed before it is interpolated into the Python templates.
Audit Metadata